Bug 41014: Update libdmg-hfsplus to drop our patch to disable OpenSSL support (!847) · Merge requests · The Tor Project / Applications / tor-browser-build

Pier Angelo Vendrame requested to merge pierov/tor-browser-build:bug_41014 into main Nov 08, 2023

Merge Info

Related Issues

tor-browser#xxxxx
mullvad-browser#xxxxx
#41014 (closed), #41020 (closed)

Backporting

Timeline

Immediate: patchset needed as soon as possible
Next Minor Stable Release: patchset that needs to be verified in nightly before backport
Eventually: patchset that needs to be verified in alpha before backport
No Backport (preferred): patchset for the next major stable

(Optional) Justification

Emergency security update: patchset fixes CVEs, 0-days, etc
Censorship event: patchset enables censorship circumvention
Critical bug-fix: patchset fixes a bug in core-functionality
Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
Sponsor required: patchset required for sponsor
Other: please explain
- The version we're using produces bad hfs's and users are presented with a scary warning. This updated version doesn't have the same problem, so the easiest way to solve it is to switch to this version.

Issue Tracking

Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

Request review from an applications developer depending on modified system:
- NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
- accessibility : henry
- android : clairehurst, dan
- build system : boklm
- extensions : ma1
- firefox internals (XUL/JS/XPCOM) : ma1
- fonts : pierov
- frontend (implementation) : henry
- frontend (review) : donuts, richard
- localization : henry, pierov
- macos : clairehurst, dan
- nightly builds : boklm
- rebases/release-prep : dan, ma1, pierov, richard
- security : ma1
- signing : boklm, richard
- updater : pierov
- misc/other : pierov, richard

Change Description

When I was writing the documentation about this project, I realized that I could either document our no-openssl patch, or just update the version, since now also Mozilla has a similar patch, so I opted for the second option 🙂.

I'm not sure about backporting because I don't sign.

But it could be easily backported if needed/consistency in the signing process simplifies it.

How Tested

Built a testbuild and the project outside the container to update the artifact name on signing tools.

~~I haven't checked reproducibility.~~ I've checked it only outside tor-browser-build (~~same machine, but at least after some minutes~~ also in two different machines).

Additional testing: create a dmg and extract it again:

# Extract an existing dmg from the 12.5 series, it works well with all versions
./dmg iso tor-browser.dmg tor-browser.hfs
./dmg dmg tor-browser.hfs tor-browser-repack.dmg
./dmg iso tor-browser-repack.dmg tor-browser-repack.hfs
# Previous version: bad! New version: the files are the same.
cmp tor-browser.hfs tor-browser-repack.hfs
# Repack again, maybe after some minutes or even better in another machine
./dmg dmg tor-browser.hfs tor-browser-repack-repro.dmg
# Will be the same file
cmp tor-browser-repack.dmg tor-browser-repack-repro.dmg

Edited Nov 16, 2023 by Pier Angelo Vendrame

Bug 41014: Update libdmg-hfsplus to drop our patch to disable OpenSSL support